lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <23015.1443196492@warthog.procyon.org.uk>
Date:	Fri, 25 Sep 2015 16:54:52 +0100
From:	David Howells <dhowells@...hat.com>
To:	jmorris@...ei.org
cc:	dhowells@...hat.com, dwmw2@...radead.org, pmatouse@...hat.com,
	arjan@...ux.intel.com, apw@...onical.com, vlee@...pensource.com,
	keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] Miscellaneous keyrings and modsign fixes

Hi James,

Can you pass these changes on to Linus?  There are four:

 (1) Fix a potential race between keyring destruction and keyring lookup by
     name.

 (2) Remove unneeded headers from extract-cert.c, at least one of which will
     prevent it from compiling if the openssl libs are too old.

 (3) Don't strip leading zeros from the key ID when using it to construct a
     key description lest this make the key not match.

 (4) Downgrade use of CMS-based signatures to PKCS#7-based signatures if the
     openssl libs are too old.  Note that in this case, you are also limited
     to using SHA1 as the pre-1.0.0 openssl libs don't support anything else.

Thanks,
David
---
The following changes since commit ced255c0c5fb9ab52c9465982f23b1c14005ef8b:

  Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux (2015-09-24 20:14:26 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20150925

for you to fetch changes up to 283e8ba2dfde54f8f27d7d0f459a07de79a39d55:

  MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old (2015-09-25 16:31:46 +0100)

----------------------------------------------------------------
Keyrings fixes

----------------------------------------------------------------
David Howells (4):
      KEYS: Fix race between key destruction and finding a keyring by name
      KEYS: Remove unnecessary header #inclusions from extract-cert.c
      X.509: Don't strip leading 00's from key ID when constructing key description
      MODSIGN: Change from CMS to PKCS#7 signing if the openssl is too old

 Documentation/Changes                    |  2 +-
 crypto/asymmetric_keys/x509_public_key.c |  4 --
 scripts/extract-cert.c                   |  4 --
 scripts/sign-file.c                      | 94 ++++++++++++++++++++++++++------
 security/keys/gc.c                       |  8 +--
 5 files changed, 82 insertions(+), 30 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ